1. Field
This invention relates generally to data networking, and more specifically, to a system and method to interactively resolve an identity.
2. Related Art
The secure data network of a company is a critical component of the day-to-day functioning of company business activities. A company employee uses a host device, such as a desktop personal computer, a laptop personal computer, a personal data assistant (PDA), a workstation, or a smartphone, to access the secure data network for communication within the company and with the outside world. An employee typically accesses the secure data network after a successful log-on process, using an employee name or an employee identity.
Information about an employee's access to the secure data network is recorded in the secure data network, such as in an identity server, an authentication server, or an identity management system. The information associates an employee identity with an identity of the host device used for the secure data network access, such as an Internet Protocol (IP) address or a Media Access Control (MAC) address.
The secure data network also records network activities of the host device in the form of event logs, security alerts, network performance reports, or security monitor records. Information technology (IT) staff supporting the secure data network often have to sift through a large volume of such information to troubleshoot security instances, such as security breaches, suspicious network activities or employee complaints. In order to troubleshoot a security instance, IT staff often has to discover the owner of a host device, or the employee who is using the host device at the time of the security instance.
In one example, IT support engineer Eddie receives a security alert flagging a suspected malicious attack on the secure data network from a host device. The security alert includes an Internet Protocol (IP) address of the host device. In order to contact the employee using the host device for remedial action, Eddie first queries a Dynamic Host Configuration Protocol (DHCP) server to find a device identity, such as a Media Access Control (MAC) address, of the host device. In one scenario, Eddie queries a directory server or an identity server to find the employee who is using the host device. In another scenario, Eddie checks an inventory record, such as an inventory database, a spreadsheet or a hard copy list, to find the employee or the department that owns the host device. Unfortunately, this largely manual process takes minutes if not hours to complete. This not only hampers Eddie's ability to solve other security issues, but may also mean a lost opportunity to come up with a timely remedial solution for the security instance.
In another example, while monitoring the secure data network, Eddie notices unusual confidential document retrieval activities associated with an employee name “Maria Vista”. Eddie manually queries an identity server for secure network access information, and finds that “Maria Vista” has accessed the secure data network using three different devices in the past 2 hours. Alarmed, Eddie manually looks up the inventory database and other network configuration information to locate the devices. This slow process causes an unacceptable delay, and by the time Eddie sends a security guard to investigate, the alleged perpetrator is nowhere to be found.
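The two manual lookups in the examples above, host identity to employee identity and employee identity to host identities, as an added example that is not part of the patent text: it correlates DHCP lease history with identity-server log-on records at a given point in time. The lease and log-on records, the employee names and the addresses are constructed sample data; the functions and field layout are assumptions for illustration, not the invention's own implementation.

```python
from datetime import datetime

# Constructed sample records, not from any real network: DHCP lease history
# (ip, mac, lease_start, lease_end) and identity-server log-ons
# (employee, mac, logon, logoff). A logoff of None means still logged on.
DHCP_LEASES = [
    ("10.0.5.17", "aa:bb:cc:00:00:01", "2024-03-01T08:00", "2024-03-01T16:00"),
    ("10.0.5.17", "aa:bb:cc:00:00:09", "2024-03-01T16:30", "2024-03-02T00:30"),
    ("10.0.7.42", "aa:bb:cc:00:00:02", "2024-03-01T09:00", "2024-03-01T17:00"),
    ("10.0.9.88", "aa:bb:cc:00:00:03", "2024-03-01T09:30", "2024-03-01T17:30"),
]
LOGONS = [
    ("eddie", "aa:bb:cc:00:00:01", "2024-03-01T08:05", "2024-03-01T15:55"),
    ("maria.vista", "aa:bb:cc:00:00:02", "2024-03-01T09:10", "2024-03-01T12:00"),
    ("maria.vista", "aa:bb:cc:00:00:03", "2024-03-01T09:40", "2024-03-01T11:30"),
    ("maria.vista", "aa:bb:cc:00:00:09", "2024-03-01T16:35", None),
]

def ts(s):
    return datetime.fromisoformat(s)

def covers(start, end, at):
    """True if the record [start, end) was in effect at `at`."""
    return ts(start) <= at and (end is None or at < ts(end))

def mac_for_ip(ip, at):
    """DHCP step: the device (MAC) that held `ip` at the time of the alert.
    The time matters: the same IP is re-leased to other devices later."""
    return next((m for i, m, s, e in DHCP_LEASES if i == ip and covers(s, e, at)), None)

def employee_for_mac(mac, at):
    """Identity-server step: who was logged on from that device at that time."""
    return next((u for u, m, s, e in LOGONS if m == mac and covers(s, e, at)), None)

def resolve_ip(ip, at):
    """Host identity -> employee identity (the first example in the text)."""
    mac = mac_for_ip(ip, at)
    return (mac, employee_for_mac(mac, at)) if mac else (None, None)

def devices_for_employee(user, since, until):
    """Employee identity -> devices used in [since, until) (the second example)."""
    found = set()
    for name, mac, start, end in LOGONS:
        if name != user or ts(start) >= until or (end is not None and ts(end) <= since):
            continue
        at = max(ts(start), since)  # IP the device held once the session is in the window
        ip = next((i for i, m, s, e in DHCP_LEASES if m == mac and covers(s, e, at)), None)
        found.add((mac, ip))
    return found
```

A lookup that ignores the timestamp attributes the alert to whoever held the address most recently; the time-bounded join returns `None` for the employee when the device was leased but nobody was logged on, which is the case to escalate rather than guess.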
Accordingly, there is a need for a system and method to allow IT personnel to interactively resolve a host device identity to an employee identity, and vice versa. This invention addresses such a need.